Limit users to XD/XA resources in Web Interface 5.4

Let’s take a look at how we can limit access to multiple Farms via Citrix Web Interface 5.4

In the example below… I will be configuring a Web Interface Services Site (PNAgent) in preparation to allow mobile users access to XenApp/XenDesktop via mobile devices such as the iPad, iPhone and Android (yuck). For details on how to configure a Service Site go to the following link.

As you probably know, there are several ways of limiting access via the NetScaler AGEE, however the new CAG Standard edition (5.0.x) has a limitation when utilizing basic logon points.

Solution:

Create your AD groups such as CitrixXenAppUsers and CitrixXenDeskUsers

Create a new Web Interface Service Site (PNAgent) such as PrivateCloudPNA

Configure your new site with access to your Farms, in this case XenApp6.5 and a XenDesktop 5.6

Configure your site to utilize your CAG, with Gateway access

Configure your Access Gateway basic logon point to forward to your new site “PrivateCloudPNA“

Ensure you can launch published Apps and Desktops

Edit your WI site by opening the WebInterface.conf file located under C:\inetpub\wwwroot\Citrix\NameOfYourSite\conf\

Search for Farm1Groups and remove the “#”

Set Farm1Groups=nameofyourdomain\CitrixXenAppUsers

Since we have a XenDesktop farm in this example, we also need to set access to it by entering Farm2Groups=nameofyourdomain\CitrixXenDeskUsers

Now lets get fancy… go to the Citrix Mobile Receiver URL Generator and create a link that you can email the mobile users. This will automatically configure the Citrix Receiver (after installing it of course) to your newly created site.